Network Question


packet


Could you please elaborate your question, I am not sure I understood it correctly.


I mean, can I make a Perl script that bounces off any server to make it look like someone other than you is port scanning?

The problem with this is that if you tried to spoof traffic and use someone else's address as the sender, you would never see the reply. And the user whom you spoofed would just drop the packets, unless they were looking for them. Port scans will pretty much always be detected by the target system, but if you want to see the results, you need to be sure the reply comes to an address you have access to monitor.

If you want something more stealthy, read into nmap's various types of scans. You can do various types without pinging the target first, as well as using UDP sweeps, but if your version doesn't already have it, download the firewalk.nse script from the nmap site, which also helps work out ports accepted by firewalls but filtered for normal internet traffic.

If you feel the need to reinvent the wheel, feel free to write something in Perl. I think before you can even think about it, though, you need to read up on the basic fundamentals of networking. Start with the OSI model and work from there. Then think about how you would craft your packets.


I mean, can I make a Perl script that bounces off any server to make it look like someone other than you is port scanning?

If you want to do a port scan and don't want to expose your IP address, you could look into a proxy chain. I could be wrong, but I believe Nmap has an option that allows you to input an IP address to make it look like the scanning is coming from another machine other than yours.


If you want to do a port scan and don't want to expose your IP address, you could look into a proxy chain. I could be wrong, but I believe Nmap has an option that allows you to input an IP address to make it look like the scanning is coming from another machine other than yours.

There are ways to proxy your entire network, not just SOCKS enabled programs such as a browser, but I've not looked into it too deeply and never had the need for it myself.

Many web hosts have shell access, though, and you could just install nmap (it might even be installed on some hosts already) and use it from there instead of from your home connection, but you would need to have access to someone else's account, as it would still be tied to your web host's IP. Using someone else's account, though, is a bit sketchy, as you would either need to compromise someone's network to do your attacks from there, or have permission on someone else's network to do such things. There are also VPN services for virtual machines, like something Darren is doing with the CCC and Amazon cloud; you could use one of them to run BackTrack in the cloud or such.

Bottom line is, if you don't want things coming back to you, then don't use any IP or account associated with your own network(s). How you do that is up to you, but if you are trying to hide yourself in such a manner, you probably aren't too concerned with the law to begin with, and that's all on you.


I mean, can I make a Perl script that bounces off any server to make it look like someone other than you is port scanning?

You could use the Net::SC module to create a port scanner in Perl that uses a chain of SOCKS proxies.

If you want to avoid reinventing the wheel, then nmap has both an idle scan and an FTP bounce scan mode. Provided you can find suitable public machines on the internet to act as a third party in either attack, that is a possibility.

The important thing to remember about the idle scan is that it uses IP spoofing, so you won't be able to do it from behind NAT (i.e. most people's home routers these days), as the spoofed IP gets rewritten by the router with its own IP address. In fact, that is important to remember for anything that uses IP spoofing :)

The FTP bounce scan requires the FTP server to support the PORT command, which is disabled by default these days, so suitable FTP servers can be difficult to find.

